Improving Cyber Security
Following the recent security breaches at TalkTalk and M&S, we have had a spate of customers call in to ask for advice on how to strengthen their security provisions.
Many of you will have heard about the recent data compromises at TalkTalk and M&S and this is driving conversations about how organisations mitigate Cyber Security risk. Ultimately Cyber security is just another risk that a business needs to manage in the same way it does financial, operational, strategic or compliance risk.
The top 5 things customers can do to reduce risk are the following:
Updating and Patching - most attacks are not sophisticated and take advantage of unprotected machines that are not updated. What is your strategy for updating systems? What is the average time between an update being released and deployed?
Configuration - not always an easy sell but one that comes up time and time again is misconfiguration of applications or services. These bad configurations leave systems open to attack that otherwise would be secure.
Device Security - controlling how devices (especially BYOD: Bring Your Own Device) access applications and services is an important way to stop compromised devices getting behind the security layers of an organisation. How do you manage BYOD? How are they authenticated when they join the network?
Password Management - there is no point buying lots of shiny and expensive security equipment if someone sets terrible passwords. Look to manage password policy digitally with complex passwords.
Vulnerability Scanning/Penetration Testing - this will allow you to better understand the risk of each of your systems and provide a to-do list of security steps that need to be taken to get systems up to scratch.
If your business would like to talk to us about your security strategy please call 01224 511 611.